Kerberos vulnerabilities

2015-11-12T00:00:00
ID USN-2810-1
Type ubuntu
Reporter Ubuntu
Modified 2015-11-12T00:00:00

Description

It was discovered that the Kerberos kpasswd service incorrectly handled certain UDP packets. A remote attacker could possibly use this issue to cause resource consumption, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2002-2443)

It was discovered that Kerberos incorrectly handled null bytes in certain data fields. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-5355)

It was discovered that the Kerberos kdcpreauth modules incorrectly tracked certain client requests. A remote attacker could possibly use this issue to bypass intended preauthentication requirements. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-2694)

It was discovered that Kerberos incorrectly handled certain SPNEGO packets. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2015-2695)

It was discovered that Kerberos incorrectly handled certain IAKERB packets. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2015-2696, CVE-2015-2698)

It was discovered that Kerberos incorrectly handled certain TGS requests. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2015-2697)